aherman
/
boundary
mirror of https://github.com/hashicorp/boundary
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add add- set- remove- auto descriptions. Hide scope line when no scope provided

Browse Source
pull/4786/head
Todd 2 years ago
parent 85a72d357a
commit 652b3e75e5
2 changed files with 58 additions and 64 deletions
Show Stats Download Patch File Download Diff File

97
internal/website/permstable/permstable.go
Unescape View File

@ -74,7 +74,9 @@ func main() {
name := strings.Replace(res.String(), "-", " ", 1)
singularName := name
switch []rune(strings.ToLower(singularName))[0] {
case 'a', 'e', 'i', 'o', 'u':
case 'a', 'e', 'i', 'o':
// 'u' is not included since our only u word is 'user' which
// should use an 'a'.
singularName = "an " + singularName
default:
singularName = "a " + singularName
@ -95,8 +97,13 @@ func main() {
panic("This shouldn't happen!")
}
for a := range colActions {
actionName := a.String()
examples := []string{
fmt.Sprintf("type=<type>;actions=%s", a.String()),
fmt.Sprintf("type=<type>;actions=%s", actionName),
}
if strings.Contains(actionName, ":") {
parentActionName := strings.SplitN(actionName, ":", 1)[0]
examples = append([]string{fmt.Sprintf("type=<type>;actions=%s", parentActionName)}, examples...)
}
collectionEndpoints.Actions = append(collectionEndpoints.Actions, &Action{
Name: a.String(),
@ -139,9 +146,7 @@ func main() {
return strings.Compare(a.String(), b.String()) - aWeight + bWeight
})
fmt.Printf("======= Resource ======: %s\n", res.String())
for _, a := range idActions {
fmt.Printf("Action: %s\n", a.String())
if a == action.NoOp {
continue
}
@ -158,13 +163,17 @@ func main() {
})
}
endpoints := make([]*Endpoint, 0, 2)
if len(collectionEndpoints.Actions) > 0 {
endpoints = append(endpoints, collectionEndpoints)
}
if len(idEndpoints.Actions) > 0 {
endpoints = append(endpoints, idEndpoints)
}
pr := &Resource{
Type: name,
Scopes: info.scopes,
Endpoints: []*Endpoint{
collectionEndpoints,
idEndpoints,
},
Type: name,
Scopes: info.scopes,
Endpoints: endpoints,
}
page.Resources = append(page.Resources, pr)
@ -243,11 +252,13 @@ func (r *Resource) Marshal() (ret []string) {
for _, s := range r.Scopes {
scopes = append(scopes, fmt.Sprintf("**%s**", s))
}
ret = append(ret, fmt.Sprintf(
"The **%s** resource type supports the following scopes: %s\n",
toSentenceCase(r.Type),
strings.TrimSpace(strings.Join(scopes, ", ")),
))
if len(scopes) > 0 {
ret = append(ret, fmt.Sprintf(
"The **%s** resource type supports the following scopes: %s\n",
toSentenceCase(r.Type),
strings.TrimSpace(strings.Join(scopes, ", ")),
))
}
// Table Header
ret = append(ret, fmt.Sprintf("| %s |", strings.Join(tableHeaders, " | ")))
@ -350,14 +361,19 @@ func (i info) description(t action.Type, singleResourceName string) string {
case action.Create:
return fmt.Sprintf("Create %s", singleResourceName)
}
// TODO: Add something here which follows the template
// "Add Xs to an R"
// "Set the full set of Xs on an R"
// "Remove Xs from an R"
switch {
case strings.HasPrefix(t.String(), "add-"):
thing := strings.SplitN(t.String(), "-", 2)[1]
thing = strings.ReplaceAll(thing, "-", " ")
return fmt.Sprintf("Add %s to %s", thing, singleResourceName)
case strings.HasPrefix(t.String(), "set-"):
thing := strings.SplitN(t.String(), "-", 2)[1]
thing = strings.ReplaceAll(thing, "-", " ")
return fmt.Sprintf("Set the full set of %s on %s", thing, singleResourceName)
case strings.HasPrefix(t.String(), "remove-"):
thing := strings.SplitN(t.String(), "-", 2)[1]
thing = strings.ReplaceAll(thing, "-", " ")
return fmt.Sprintf("Remove %s from %s", thing, singleResourceName)
}
return ""
}
@ -370,6 +386,9 @@ var resources = map[resource.Type]info{
action.ChangePassword: "Change a password on an account given the current password",
},
},
resource.Alias: {
scopes: append(iamScopes, infraScope...),
},
resource.AuthMethod: {
scopes: iamScopes,
actionDescriptions: map[action.Type]string{
@ -379,13 +398,17 @@ var resources = map[resource.Type]info{
resource.AuthToken: {
scopes: iamScopes,
},
resource.Credential: {
scopes: infraScope,
},
resource.CredentialLibrary: {
scopes: infraScope,
},
resource.CredentialStore: {
scopes: infraScope,
},
resource.Group: {
scopes: append(iamScopes, infraScope...),
actionDescriptions: map[action.Type]string{
action.AddMembers: "Add members to a group",
action.SetMembers: "Set the full set of members on a group",
action.RemoveMembers: "Remove members from a group",
},
},
resource.Host: {
scopes: infraScope,
@ -395,25 +418,12 @@ var resources = map[resource.Type]info{
},
resource.HostSet: {
scopes: infraScope,
actionDescriptions: map[action.Type]string{
action.AddHosts: "Add hosts to a host-set",
action.SetHosts: "Set the full set of hosts on a host set",
action.RemoveHosts: "Remove hosts from a host set",
},
},
resource.ManagedGroup: {
scopes: iamScopes,
},
resource.Role: {
scopes: append(iamScopes, infraScope...),
actionDescriptions: map[action.Type]string{
action.AddPrincipals: "Add principals to a role",
action.SetPrincipals: "Set the full set of principals on a role",
action.RemovePrincipals: "Remove principals from a role",
action.AddGrants: "Add grants to a role",
action.SetGrants: "Set the full set of grants on a role",
action.RemoveGrants: "Remove grants from a role",
},
},
resource.Scope: {
scopes: iamScopes,
@ -439,22 +449,11 @@ var resources = map[resource.Type]info{
resource.Target: {
scopes: infraScope,
actionDescriptions: map[action.Type]string{
action.AddHostSources: "Add host sources to a target",
action.SetHostSources: "Set the full set of host sources on a target",
action.RemoveHostSources: "Remove host sources from a target",
action.AddCredentialSources: "Add credential sources to a target",
action.SetCredentialSources: "Set the full set of credential sources on a target",
action.RemoveCredentialSources: "Remove credential sources from a target",
action.AuthorizeSession: "Authorize a session via the target",
action.AuthorizeSession: "Authorize a session via the target",
},
},
resource.User: {
scopes: iamScopes,
actionDescriptions: map[action.Type]string{
action.AddAccounts: "Add accounts to a user",
action.SetAccounts: "Set the full set of accounts on a user",
action.RemoveAccounts: "Remove accounts from a user",
},
},
resource.Worker: {
scopes: []string{"Global"},

25
website/content/docs/concepts/security/permissions/resource-table.mdx
Unescape View File

@ -52,7 +52,7 @@ The **Account** resource type supports the following scopes: **Global**, **Org**
## Alias
The **Alias** resource type supports the following scopes:
The **Alias** resource type supports the following scopes: **Global**, **Org**, **Project**
| API endpoint | Parameters into permissions engine | Available actions / examples |
| ------------ | ---------------------------------- | ---------------------------- |
@ -79,16 +79,13 @@ The **Auth token** resource type supports the following scopes: **Global**, **Or
## Billing
The **Billing** resource type supports the following scopes:
| API endpoint | Parameters into permissions engine | Available actions / examples |
| ------------ | ---------------------------------- | ---------------------------- |
| <code>/billing</code> | <ul><li>Type</li><ul><li><code>billing</code></li></ul></ul> | <ul><li><code>monthly-active-users</code>: </li><ul><li>`type=<type>;actions=monthly-active-users`</li></ul></ul> |
| <code>/billing/&lt;id&gt;</code> | <ul><li>ID</li><ul><li><code>&lt;id&gt;</code></li></ul><li>Type</li><ul><li><code>billing</code></li></ul></ul> | <ul></ul> |
## Credential
The **Credential** resource type supports the following scopes:
The **Credential** resource type supports the following scopes: **Project**
| API endpoint | Parameters into permissions engine | Available actions / examples |
| ------------ | ---------------------------------- | ---------------------------- |
@ -97,7 +94,7 @@ The **Credential** resource type supports the following scopes:
## Credential library
The **Credential library** resource type supports the following scopes:
The **Credential library** resource type supports the following scopes: **Project**
| API endpoint | Parameters into permissions engine | Available actions / examples |
| ------------ | ---------------------------------- | ---------------------------- |
@ -106,7 +103,7 @@ The **Credential library** resource type supports the following scopes:
## Credential store
The **Credential store** resource type supports the following scopes:
The **Credential store** resource type supports the following scopes: **Project**
| API endpoint | Parameters into permissions engine | Available actions / examples |
| ------------ | ---------------------------------- | ---------------------------- |
@ -147,7 +144,7 @@ The **Host set** resource type supports the following scopes: **Project**
| API endpoint | Parameters into permissions engine | Available actions / examples |
| ------------ | ---------------------------------- | ---------------------------- |
| <code>/host-sets</code> | <ul><li>Type</li><ul><li><code>host-set</code></li></ul></ul> | <ul><li><code>create</code>: Create a host set</li><ul><li>`type=<type>;actions=create`</li></ul><li><code>list</code>: List host sets</li><ul><li>`type=<type>;actions=list`</li></ul></ul> |
| <code>/host-sets/&lt;id&gt;</code> | <ul><li>ID</li><ul><li><code>&lt;id&gt;</code></li></ul><li>Pin</li><ul><li><code>&lt;host-catalog-id&gt;</code></li></ul><li>Type</li><ul><li><code>host-set</code></li></ul></ul> | <ul><li><code>read</code>: Read a host set</li><ul><li>`ids=<id>;actions=read`</li><li>`ids=<pin>;type=<type>;actions=read`</li></ul><li><code>update</code>: Update a host set</li><ul><li>`ids=<id>;actions=update`</li><li>`ids=<pin>;type=<type>;actions=update`</li></ul><li><code>delete</code>: Delete a host set</li><ul><li>`ids=<id>;actions=delete`</li><li>`ids=<pin>;type=<type>;actions=delete`</li></ul><li><code>add-hosts</code>: Add hosts to a host-set</li><ul><li>`ids=<id>;actions=add-hosts`</li><li>`ids=<pin>;type=<type>;actions=add-hosts`</li></ul><li><code>remove-hosts</code>: Remove hosts from a host set</li><ul><li>`ids=<id>;actions=remove-hosts`</li><li>`ids=<pin>;type=<type>;actions=remove-hosts`</li></ul><li><code>set-hosts</code>: Set the full set of hosts on a host set</li><ul><li>`ids=<id>;actions=set-hosts`</li><li>`ids=<pin>;type=<type>;actions=set-hosts`</li></ul></ul> |
| <code>/host-sets/&lt;id&gt;</code> | <ul><li>ID</li><ul><li><code>&lt;id&gt;</code></li></ul><li>Pin</li><ul><li><code>&lt;host-catalog-id&gt;</code></li></ul><li>Type</li><ul><li><code>host-set</code></li></ul></ul> | <ul><li><code>read</code>: Read a host set</li><ul><li>`ids=<id>;actions=read`</li><li>`ids=<pin>;type=<type>;actions=read`</li></ul><li><code>update</code>: Update a host set</li><ul><li>`ids=<id>;actions=update`</li><li>`ids=<pin>;type=<type>;actions=update`</li></ul><li><code>delete</code>: Delete a host set</li><ul><li>`ids=<id>;actions=delete`</li><li>`ids=<pin>;type=<type>;actions=delete`</li></ul><li><code>add-hosts</code>: Add hosts to a host set</li><ul><li>`ids=<id>;actions=add-hosts`</li><li>`ids=<pin>;type=<type>;actions=add-hosts`</li></ul><li><code>remove-hosts</code>: Remove hosts from a host set</li><ul><li>`ids=<id>;actions=remove-hosts`</li><li>`ids=<pin>;type=<type>;actions=remove-hosts`</li></ul><li><code>set-hosts</code>: Set the full set of hosts on a host set</li><ul><li>`ids=<id>;actions=set-hosts`</li><li>`ids=<pin>;type=<type>;actions=set-hosts`</li></ul></ul> |
## Managed group
@ -160,8 +157,6 @@ The **Managed group** resource type supports the following scopes: **Global**, *
## Policy
The **Policy** resource type supports the following scopes:
| API endpoint | Parameters into permissions engine | Available actions / examples |
| ------------ | ---------------------------------- | ---------------------------- |
| <code>/policies</code> | <ul><li>Type</li><ul><li><code>policy</code></li></ul></ul> | <ul><li><code>create</code>: Create a policy</li><ul><li>`type=<type>;actions=create`</li></ul><li><code>list</code>: List policys</li><ul><li>`type=<type>;actions=list`</li></ul></ul> |
@ -174,7 +169,7 @@ The **Role** resource type supports the following scopes: **Global**, **Org**, *
| API endpoint | Parameters into permissions engine | Available actions / examples |
| ------------ | ---------------------------------- | ---------------------------- |
| <code>/roles</code> | <ul><li>Type</li><ul><li><code>role</code></li></ul></ul> | <ul><li><code>create</code>: Create a role</li><ul><li>`type=<type>;actions=create`</li></ul><li><code>list</code>: List roles</li><ul><li>`type=<type>;actions=list`</li></ul></ul> |
| <code>/roles/&lt;id&gt;</code> | <ul><li>ID</li><ul><li><code>&lt;id&gt;</code></li></ul><li>Type</li><ul><li><code>role</code></li></ul></ul> | <ul><li><code>read</code>: Read a role</li><ul><li>`ids=<id>;actions=read`</li></ul><li><code>update</code>: Update a role</li><ul><li>`ids=<id>;actions=update`</li></ul><li><code>delete</code>: Delete a role</li><ul><li>`ids=<id>;actions=delete`</li></ul><li><code>add-grant-scopes</code>: </li><ul><li>`ids=<id>;actions=add-grant-scopes`</li></ul><li><code>add-grants</code>: Add grants to a role</li><ul><li>`ids=<id>;actions=add-grants`</li></ul><li><code>add-principals</code>: Add principals to a role</li><ul><li>`ids=<id>;actions=add-principals`</li></ul><li><code>remove-grant-scopes</code>: </li><ul><li>`ids=<id>;actions=remove-grant-scopes`</li></ul><li><code>remove-grants</code>: Remove grants from a role</li><ul><li>`ids=<id>;actions=remove-grants`</li></ul><li><code>remove-principals</code>: Remove principals from a role</li><ul><li>`ids=<id>;actions=remove-principals`</li></ul><li><code>set-grant-scopes</code>: </li><ul><li>`ids=<id>;actions=set-grant-scopes`</li></ul><li><code>set-grants</code>: Set the full set of grants on a role</li><ul><li>`ids=<id>;actions=set-grants`</li></ul><li><code>set-principals</code>: Set the full set of principals on a role</li><ul><li>`ids=<id>;actions=set-principals`</li></ul></ul> |
| <code>/roles/&lt;id&gt;</code> | <ul><li>ID</li><ul><li><code>&lt;id&gt;</code></li></ul><li>Type</li><ul><li><code>role</code></li></ul></ul> | <ul><li><code>read</code>: Read a role</li><ul><li>`ids=<id>;actions=read`</li></ul><li><code>update</code>: Update a role</li><ul><li>`ids=<id>;actions=update`</li></ul><li><code>delete</code>: Delete a role</li><ul><li>`ids=<id>;actions=delete`</li></ul><li><code>add-grant-scopes</code>: Add grant scopes to a role</li><ul><li>`ids=<id>;actions=add-grant-scopes`</li></ul><li><code>add-grants</code>: Add grants to a role</li><ul><li>`ids=<id>;actions=add-grants`</li></ul><li><code>add-principals</code>: Add principals to a role</li><ul><li>`ids=<id>;actions=add-principals`</li></ul><li><code>remove-grant-scopes</code>: Remove grant scopes from a role</li><ul><li>`ids=<id>;actions=remove-grant-scopes`</li></ul><li><code>remove-grants</code>: Remove grants from a role</li><ul><li>`ids=<id>;actions=remove-grants`</li></ul><li><code>remove-principals</code>: Remove principals from a role</li><ul><li>`ids=<id>;actions=remove-principals`</li></ul><li><code>set-grant-scopes</code>: Set the full set of grant scopes on a role</li><ul><li>`ids=<id>;actions=set-grant-scopes`</li></ul><li><code>set-grants</code>: Set the full set of grants on a role</li><ul><li>`ids=<id>;actions=set-grants`</li></ul><li><code>set-principals</code>: Set the full set of principals on a role</li><ul><li>`ids=<id>;actions=set-principals`</li></ul></ul> |
## Scope
@ -227,8 +222,8 @@ The **User** resource type supports the following scopes: **Global**, **Org**
| API endpoint | Parameters into permissions engine | Available actions / examples |
| ------------ | ---------------------------------- | ---------------------------- |
| <code>/users</code> | <ul><li>Type</li><ul><li><code>user</code></li></ul></ul> | <ul><li><code>create</code>: Create an user</li><ul><li>`type=<type>;actions=create`</li></ul><li><code>list</code>: List users</li><ul><li>`type=<type>;actions=list`</li></ul></ul> |
| <code>/users/&lt;id&gt;</code> | <ul><li>ID</li><ul><li><code>&lt;id&gt;</code></li></ul><li>Type</li><ul><li><code>user</code></li></ul></ul> | <ul><li><code>read</code>: Read an user</li><ul><li>`ids=<id>;actions=read`</li></ul><li><code>update</code>: Update an user</li><ul><li>`ids=<id>;actions=update`</li></ul><li><code>delete</code>: Delete an user</li><ul><li>`ids=<id>;actions=delete`</li></ul><li><code>add-accounts</code>: Add accounts to a user</li><ul><li>`ids=<id>;actions=add-accounts`</li></ul><li><code>list-resolvable-aliases</code>: </li><ul><li>`ids=<id>;actions=list-resolvable-aliases`</li></ul><li><code>remove-accounts</code>: Remove accounts from a user</li><ul><li>`ids=<id>;actions=remove-accounts`</li></ul><li><code>set-accounts</code>: Set the full set of accounts on a user</li><ul><li>`ids=<id>;actions=set-accounts`</li></ul></ul> |
| <code>/users</code> | <ul><li>Type</li><ul><li><code>user</code></li></ul></ul> | <ul><li><code>create</code>: Create a user</li><ul><li>`type=<type>;actions=create`</li></ul><li><code>list</code>: List users</li><ul><li>`type=<type>;actions=list`</li></ul></ul> |
| <code>/users/&lt;id&gt;</code> | <ul><li>ID</li><ul><li><code>&lt;id&gt;</code></li></ul><li>Type</li><ul><li><code>user</code></li></ul></ul> | <ul><li><code>read</code>: Read a user</li><ul><li>`ids=<id>;actions=read`</li></ul><li><code>update</code>: Update a user</li><ul><li>`ids=<id>;actions=update`</li></ul><li><code>delete</code>: Delete a user</li><ul><li>`ids=<id>;actions=delete`</li></ul><li><code>add-accounts</code>: Add accounts to a user</li><ul><li>`ids=<id>;actions=add-accounts`</li></ul><li><code>list-resolvable-aliases</code>: </li><ul><li>`ids=<id>;actions=list-resolvable-aliases`</li></ul><li><code>remove-accounts</code>: Remove accounts from a user</li><ul><li>`ids=<id>;actions=remove-accounts`</li></ul><li><code>set-accounts</code>: Set the full set of accounts on a user</li><ul><li>`ids=<id>;actions=set-accounts`</li></ul></ul> |
## Worker
@ -236,8 +231,8 @@ The **Worker** resource type supports the following scopes: **Global**
| API endpoint | Parameters into permissions engine | Available actions / examples |
| ------------ | ---------------------------------- | ---------------------------- |
| <code>/workers</code> | <ul><li>Type</li><ul><li><code>worker</code></li></ul></ul> | <ul><li><code>create:controller-led</code>: Create a worker using the controller-led workflow</li><ul><li>`type=<type>;actions=create:controller-led`</li></ul><li><code>create:worker-led</code>: Create a worker using the worker-led workflow</li><ul><li>`type=<type>;actions=create:worker-led`</li></ul><li><code>list</code>: List workers</li><ul><li>`type=<type>;actions=list`</li></ul><li><code>read-certificate-authority</code>: </li><ul><li>`type=<type>;actions=read-certificate-authority`</li></ul><li><code>reinitialize-certificate-authority</code>: </li><ul><li>`type=<type>;actions=reinitialize-certificate-authority`</li></ul></ul> |
| <code>/workers/&lt;id&gt;</code> | <ul><li>ID</li><ul><li><code>&lt;id&gt;</code></li></ul><li>Type</li><ul><li><code>worker</code></li></ul></ul> | <ul><li><code>read</code>: Read a worker</li><ul><li>`ids=<id>;actions=read`</li></ul><li><code>update</code>: Update a worker</li><ul><li>`ids=<id>;actions=update`</li></ul><li><code>delete</code>: Delete a worker</li><ul><li>`ids=<id>;actions=delete`</li></ul><li><code>add-worker-tags</code>: </li><ul><li>`ids=<id>;actions=add-worker-tags`</li></ul><li><code>remove-worker-tags</code>: </li><ul><li>`ids=<id>;actions=remove-worker-tags`</li></ul><li><code>set-worker-tags</code>: </li><ul><li>`ids=<id>;actions=set-worker-tags`</li></ul></ul> |
| <code>/workers</code> | <ul><li>Type</li><ul><li><code>worker</code></li></ul></ul> | <ul><li><code>create:controller-led</code>: Create a worker using the controller-led workflow</li><ul><li>`type=<type>;actions=create:controller-led`</li><li>`type=<type>;actions=create:controller-led`</li></ul><li><code>create:worker-led</code>: Create a worker using the worker-led workflow</li><ul><li>`type=<type>;actions=create:worker-led`</li><li>`type=<type>;actions=create:worker-led`</li></ul><li><code>list</code>: List workers</li><ul><li>`type=<type>;actions=list`</li></ul><li><code>read-certificate-authority</code>: </li><ul><li>`type=<type>;actions=read-certificate-authority`</li></ul><li><code>reinitialize-certificate-authority</code>: </li><ul><li>`type=<type>;actions=reinitialize-certificate-authority`</li></ul></ul> |
| <code>/workers/&lt;id&gt;</code> | <ul><li>ID</li><ul><li><code>&lt;id&gt;</code></li></ul><li>Type</li><ul><li><code>worker</code></li></ul></ul> | <ul><li><code>read</code>: Read a worker</li><ul><li>`ids=<id>;actions=read`</li></ul><li><code>update</code>: Update a worker</li><ul><li>`ids=<id>;actions=update`</li></ul><li><code>delete</code>: Delete a worker</li><ul><li>`ids=<id>;actions=delete`</li></ul><li><code>add-worker-tags</code>: Add worker tags to a worker</li><ul><li>`ids=<id>;actions=add-worker-tags`</li></ul><li><code>remove-worker-tags</code>: Remove worker tags from a worker</li><ul><li>`ids=<id>;actions=remove-worker-tags`</li></ul><li><code>set-worker-tags</code>: Set the full set of worker tags on a worker</li><ul><li>`ids=<id>;actions=set-worker-tags`</li></ul></ul> |
<!-- END TABLE -->

Write Preview
Loading…
Cancel
Save